Skip to content

Commit

Permalink
Added ECC PK_CALLBACKS + CRYPTO_CB APIs
Browse files Browse the repository at this point in the history
  • Loading branch information
danielinux committed Mar 17, 2023
1 parent 994b1c0 commit e1f4c17
Show file tree
Hide file tree
Showing 5 changed files with 372 additions and 27 deletions.
9 changes: 6 additions & 3 deletions include/wolfboot/wc_secure.h
Original file line number Diff line number Diff line change
Expand Up @@ -39,14 +39,17 @@ int __attribute__((cmse_nonsecure_entry)) wcs_slot_read(int slot_id,


/* ECC */
int __attribute__((cmse_nonsecure_entry)) wcs_ecc_import_public(int slot_id,
uint8_t *pubkey, uint32_t key_size, int curve_id);
int __attribute__((cmse_nonsecure_entry)) wcs_ecc_import_public(int ecc_curve,
uint8_t *pubkey, uint32_t key_size);

int __attribute__((cmse_nonsecure_entry)) wcs_ecc_keygen(uint32_t key_size,
int ecc_curve);

int __attribute__((cmse_nonsecure_entry)) wcs_ecc_getpublic(int slot_id,
uint8_t *pubkey, uint32_t *pubkeySz);

int __attribute__((cmse_nonsecure_entry)) wcs_ecdh_shared(int privkey_slot_id,
int pubkey_slot_id, int shared_slot_id);
int pubkey_slot_id, uint32_t outlen);

/* ECC Calls with wrapper for arguments (ABI only allows 4 arguments) */
int __attribute__((cmse_nonsecure_entry))
Expand Down
71 changes: 49 additions & 22 deletions src/wc_callable.c
Original file line number Diff line number Diff line change
Expand Up @@ -237,30 +237,48 @@ static int keyvault_init(void)
* using WCS.
*/

int __attribute__((cmse_nonsecure_entry)) wcs_ecc_import_public(int slot_id,
uint8_t *pubkey, uint32_t key_size, int curve_id)

int __attribute__((cmse_nonsecure_entry))
wcs_ecc_import_public(int curve_id, uint8_t *pubkey, uint32_t key_size)
{
ecc_key *key;
struct wcs_key *newkey;
int slot_id;
struct wcs_key *wk;
int ret;
ecc_key new_key;

if ((curve_id < 0) || (wc_ecc_is_valid_idx(curve_id) == 0))
return ECC_BAD_ARG_E;

slot_id = keyvault_new(WCS_TYPE_ECC, sizeof(ecc_key),
WCS_ACCESS_WRITE |
WCS_ACCESS_DERIVE | WCS_ACCESS_VERIFY | WCS_ACCESS_EXPORT_PUBLIC);
if (slot_id < 0)
return -1;
if (slot_id >= WCS_SLOTS)
return -1; /* Id too big */
return -1;
if (WCS_KV.slot_used[slot_id] == 0)
return -1;
newkey = keyvault_get_slot(slot_id);
if (newkey == KEYVAULT_INVALID_ADDRESS)
wk = keyvault_get_slot(slot_id);
if (wk == KEYVAULT_INVALID_ADDRESS)
return -1;
if (newkey->provisioned != 0)
if (wk->type != WCS_TYPE_ECC)
return -1;
if ((newkey->access_flags & WCS_ACCESS_WRITE) == 0)
if ((wk->access_flags & WCS_ACCESS_WRITE) == 0)
return -1;
if ((curve_id < 0) || (wc_ecc_is_valid_idx(curve_id) == 0))
return ECC_BAD_ARG_E;
key = &newkey->key.ecc;
if (wc_ecc_init(key) < 0)
if (wk->size != sizeof(ecc_key))
return -1;
if (wc_ecc_init(&new_key) != 0)
return -1;
ret = wc_ecc_import_unsigned(&new_key, pubkey, pubkey + key_size,
NULL, curve_id);
if (ret < 0)
return -1;
return wc_ecc_import_unsigned(key, pubkey, pubkey + key_size, NULL,
curve_id);

memcpy(&wk->key.ecc, &new_key, sizeof(ecc_key));
wk->size = key_size;
wk->provisioned++;
wk->access_flags &= (~WCS_ACCESS_WRITE);
return slot_id;
}

int __attribute__((cmse_nonsecure_entry))
Expand All @@ -272,6 +290,7 @@ wcs_ecc_keygen(uint32_t key_size, int ecc_curve)
WC_RNG wcs_rng;
ecc_key new_key;
slot_id = keyvault_new(WCS_TYPE_ECC, sizeof(ecc_key),
WCS_ACCESS_WRITE |
WCS_ACCESS_DERIVE | WCS_ACCESS_SIGN | WCS_ACCESS_EXPORT_PUBLIC);
if (slot_id < 0)
return -1;
Expand Down Expand Up @@ -299,6 +318,7 @@ wcs_ecc_keygen(uint32_t key_size, int ecc_curve)
memcpy(&wk->key.ecc, &new_key, sizeof(ecc_key));
wk->size = key_size;
wk->provisioned++;
wk->access_flags &= (~WCS_ACCESS_WRITE);
return slot_id;
}

Expand Down Expand Up @@ -400,9 +420,10 @@ wcs_ecc_getpublic(int slot_id, uint8_t *pubkey, uint32_t *pubkeySz)


int __attribute__((cmse_nonsecure_entry))
wcs_ecdh_shared(int privkey_slot_id, int pubkey_slot_id, int shared_slot_id, word32 *outlen)
wcs_ecdh_shared(int privkey_slot_id, int pubkey_slot_id, word32 outlen)
{
struct wcs_key *priv, *pub, *shared;
int shared_slot_id = -1;
byte outkey[WCS_MAX_DERIVED_KEY_SIZE];

if (privkey_slot_id > WCS_SLOTS)
Expand All @@ -415,6 +436,7 @@ wcs_ecdh_shared(int privkey_slot_id, int pubkey_slot_id, int shared_slot_id, wor
priv = keyvault_get_slot(privkey_slot_id);
pub = keyvault_get_slot(pubkey_slot_id);


if ((priv == KEYVAULT_INVALID_ADDRESS) || (pub == KEYVAULT_INVALID_ADDRESS))
return -1;
if ((priv->provisioned == 0) || (pub->provisioned == 0))
Expand All @@ -428,8 +450,13 @@ wcs_ecdh_shared(int privkey_slot_id, int pubkey_slot_id, int shared_slot_id, wor
return -1;
}

if (shared_slot_id > WCS_SLOTS)
shared_slot_id = keyvault_new(WCS_TYPE_AES, outlen,
WCS_ACCESS_WRITE | WCS_ACCESS_READ | WCS_ACCESS_ENCDEC
);

if (shared_slot_id < 0)
return -1;

if (WCS_KV.slot_used[shared_slot_id] == 0)
return -1;

Expand All @@ -442,16 +469,16 @@ wcs_ecdh_shared(int privkey_slot_id, int pubkey_slot_id, int shared_slot_id, wor
return -1;
if ((shared->access_flags & WCS_ACCESS_ENCDEC) == 0)
return -1;
if (shared->size < *outlen)
if (shared->size < outlen)
return -1;
if (WCS_MAX_DERIVED_KEY_SIZE < *outlen)
if (WCS_MAX_DERIVED_KEY_SIZE < outlen)
return -1;
if (wc_ecc_shared_secret(&priv->key.ecc, &pub->key.ecc, outkey, outlen) != 0)
if (wc_ecc_shared_secret(&priv->key.ecc, &pub->key.ecc, outkey, &outlen) != 0)
return -1;

XMEMCPY(&shared->key.raw, outkey, *outlen);
XMEMCPY(&shared->key.raw, outkey, outlen);
shared->provisioned = 1;
return 0;
return shared_slot_id;
}

int __attribute__((cmse_nonsecure_entry))
Expand Down
1 change: 1 addition & 0 deletions test-app/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,7 @@ endif
ifeq ($(TARGET),stm32l5)
ifeq ($(TZEN),1)
LSCRIPT_TEMPLATE=ARM-stm32l5-ns.ld
APP_OBJS+=wcs/wolfcrypt_secure.o
else
LSCRIPT_TEMPLATE=ARM-stm32l5.ld
endif
Expand Down
3 changes: 1 addition & 2 deletions test-app/app_stm32l5.c
Original file line number Diff line number Diff line change
Expand Up @@ -107,13 +107,12 @@ void main(void)
uint32_t rand;
uint32_t i;
uint32_t klen = 200;
int otherkey_slot;
wcs_get_random((void*)&rand, 4);
for (i = 0; i < (rand / 100000000); i++)
;

wcs_slot_read(0, (unsigned char *)CaBuf, 2048);
wcs_ecc_getpublic(1, my_pubkey, &klen);
wcs_ecc_import_public(4, my_pubkey, klen, 7);

#endif
hal_init();
Expand Down
Loading

0 comments on commit e1f4c17

Please sign in to comment.